/*
 * All rights Reserved, Designed By cloudland Copyright(C) 2010-2014
 *
 * fileName:  XSSCheckRequest.java
 * author:  lei
 * Company:  Cloudland Studio
 * Createdate:  2013-9-14 上午11:29:05
 *   
 * Modification  History:
 *     Date           Author        Version        
 * -------------------------------------------
 * 2013-9-14          Lei            1.0        
 *
 * Why & What is modified:
 * 1.0: 文件创建
 */
package org.cloudland.web.context.request;

import java.util.Collection;
import java.util.Iterator;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;


 /**
 * <pre> 
 * 校验 XSS 攻击请求
 * </pre>
 * @ClassName  XSSCheckRequest
 * @author  lei
 * @version  %I%, %G%
 * @see  
 * @since   JDK1.6
 *
 */
public class XSSCheckRequest extends HttpServletRequestWrapper {

	/**
	 * <pre>
	 * default constructor
	 * </pre>
	 *
	 * @param request   
	 */
	public XSSCheckRequest(HttpServletRequest request)
    {
        super(request);
    }
	
	/**
	 * @param name
	 * @return
	 */
	@Override
    public String getParameter(String name)
    {      
        name = doClearlllegalCharacter(name);
        return doClearlllegalCharacter(super.getParameter(name));
    }
	
	/**
	 * @return
	 */
	@SuppressWarnings({ "rawtypes", "unchecked" })
	@Override
    public Map getParameterMap()
    {
        Map map = super.getParameterMap();
        
        Object key = null;
        Object value = null;
        Object[] values = null;
        for (Iterator iter = map.keySet().iterator(); iter.hasNext();) {
        	key = iter.next();
        	value = map.get(key);
        	if (value instanceof Collection) {
        		values = ((Collection)value).toArray();
        		for (int i = 0; i < values.length; i++) {
        			values[i] = doClearlllegalCharacter(String.valueOf(values[i]));
        		}
        		map.put(key, values);
        	} else {
        		value = doClearlllegalCharacter(String.valueOf(value));
        		map.put(key, value);
        	}
        }
        
        return map;
    }
	
    /**
     * @param name
     * @return
     */
    @Override
    public String[] getParameterValues(String name)
    {
        name = doClearlllegalCharacter(name);
        String[] values = super.getParameterValues(name);
        if (null == values) {
            return null;
        }
        
        String[] safetyArray = new String[values.length]; 
        for (int i = 0; i < values.length; i++) {
            safetyArray[i] = doClearlllegalCharacter(values[i]);
        }
        
        return safetyArray;
    }
    
    /**
     * @param name
     * @return
     */
    @Override
    public String getHeader(String name)
    {
        name = doClearlllegalCharacter(name);
        return doClearlllegalCharacter(super.getHeader(name));
    }
    
	private boolean isExistsFilterString(String result)
    {
        boolean checkResult=false;
        if(result.contains("<")||result.contains(">")||result.contains("[e|E][v|V][a|A][l|L]\\((.*)\\)")
                ||result.contains("[\\\"\\\'][\\s]*[j|J][a|A][v|V][a|A][s|S][c|C][r|R][i|I][p|P][t|T]:(.*)[\\\"\\\']")
                ||result.contains("<[s|S][c|C][r|R][i|I][p|P][t|T]>")||result.contains("</[s|S][c|C][r|R][i|I][p|P][t|T]>")
                ||result.contains("--"))
        {
            checkResult=true;
        }
        return checkResult;
    }
	
	protected String doClearlllegalCharacter(String value)
    {
        String result = value;
        if(result==null)return result;
//        result = result.trim();
        while(isExistsFilterString(result))
        {
            result=result.replaceAll("<[s|S][c|C][r|R][i|I][p|P][t|T]>", "");
            result=result.replaceAll("</[s|S][c|C][r|R][i|I][p|P][t|T]>", "");
            result = result.replaceAll("<", "&#60;").replaceAll(">", "&#62;");
            result = result.replaceAll("[e|E][v|V][a|A][l|L]\\((.*)\\)", "");
            result = result.replaceAll("[\\\"\\\'][\\s]*[j|J][a|A][v|V][a|A][s|S][c|C][r|R][i|I][p|P][t|T]:(.*)[\\\"\\\']","\"\"");
            result=result.replaceAll("--", "");
        }
        //logger.debug("XSS过滤:过滤前: [" + value + "],过滤后：[" + result + "]");

        return result;
    }
	
	
	
}
